One thing is that the client should authenticate itself as well. If you use
a service account you have one set of credentials for the client, but if you
use a regular user account you have two. Service accounts also have different
authentication mechanisms to users and don't get "interrupted" by
required actions.
On 18 Oct 2017 7:36 am, "Graham O'Regan" <graham.oregan(a)gmail.com>
wrote:
Hi,
We are using mod_auth_openidc set up as a keycloak client so we can use
openid-connect for browsers and oauth20 for REST clients. We have set up
some REST clients as users and use a grant_type=password to get a bearer
token but I’ve also tested using a keycloak client with a service account
to achieve a similar effect. There is a benefit to us in using a user
account because we have hooked the account creation into our internal
authorization mechanism but would it be preferable to use service accounts
instead?
Thanks in advance,
G
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user